SaaS Security Engineer

DUTIES:

As a SaaS Security Engineer, you will be responsible for securing the organization’s SaaS ecosystem. Your primary objective will be to assess, implement, and monitor security controls across SaaS platforms such as Microsoft 365, Salesforce, Workday, ServiceNow, and others. You’ll work closely with IT, compliance, DevOps, and business units to ensure proper configurations, data protection, identity integration, and continuous monitoring of SaaS risks.

Key Responsibilities:

• Review, assess and secure SaaS applications based on security best practices and benchmarks (e.g., CIS, NIST).
• Integrate SaaS apps with centralized IAM solutions (e.g., SSO/MFA via Okta, Azure AD).
• Monitor configurations, logs, and user activities using SSPM tools (e.g., AppOmni, Obsidian, Valence).
• Participate in SaaS vendor security reviews and due diligence assessments for new and existing services.
• Implement and maintain security controls for access, sharing, and integrations.
• Support and respond to SaaS-related incidents and perform root cause analysis.
• Collaborate with DevOps and application teams to embed SaaS security in CI/CD pipelines.
• Support audit and compliance efforts by ensuring platforms meet security requirements.
• Provide guidance and training to teams on SaaS Security practices and secure usage.

REQUIRED SKILLS:

• Experience with SaaS platforms (Microsoft 365, Google Workspace, Salesforce, ServiceNow).
• Strong knowledge of identity and access management (IAM, SSO, MFA).
• Understanding of OAuth, SAML, SCIM, and API security.
• Familiarity with DLP, CASB, and SSPM technologies.
• Experience in configuring SaaS audit logs and performing log analysis.
• Ability to write and maintain security runbooks and hardening checklists.
   

PREFERRED SKILLS:

• Experience in automation/scripting (Python, PowerShell).
• Familiarity with MITRE ATT&CK SaaS mappings.
• Exposure to Zero Trust and Secure Access Service Edge (SASE) models.
• Experience with configuration management tools and security compliance frameworks (e.g., SOC 2, ISO 27001).

RELECANT CERTIFICATIONS:

Required (or highly recommended):

• CompTIA Security+
• Microsoft Certified: Security, Compliance, and Identity Fundamentals
• Okta Certified Professional or Administrator

Preferred:

• GIAC Cloud Security Automation (GCSA)
• CCSP (Certified Cloud Security Professional)
• Certified Information Systems Security Professional (CISSP)

EDUCATIONAL REQUIREMENTS:

• Bachelor’s degree in computer science, Cybersecurity, or related field - or equivalent experience. 

LOCATION:

• Hybrid - New York, Springfield or Boston, MA